This guy wrote his own blog in PHP instead of, I dunno, literally anything else. Can you teach him a lesson?

The server is running php 7.4.26. If you're running locally, use Docker php@sha256:920a88344203adf78471ca898773f0e0ac171fb4a3be4ba2d4f9585163aaf038

source.zip

Note: You won't be able to read the flag directly. If the flag appears to be empty, try a different strategy.